package utildb;

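/**
 * Denylist string filters for values that are later concatenated into SQL or HTML.
 *
 * <p>All three methods only strip or reject a fixed list of tokens; none of them escapes
 * anything, so they cannot make string concatenation into SQL safe by themselves. Treat them
 * as defence in depth only: bind user values with {@code PreparedStatement} parameters and
 * encode output for HTML separately.
 */
public class Util {

    /** Character used to mark positions that must be dropped from the output. */
    private static final char MARCA = '~';

    /** Value returned by {@link #ignoraSQLInjection} when a forbidden token is present. */
    private static final String CADENA_RECHAZADA = "XXXXXXXXX";

    /**
     * Case-sensitive tokens whose presence makes {@link #ignoraSQLInjection} reject the
     * whole value (the keywords only match in upper case, exactly as the original check did).
     */
    private static final String[] TOKENS_PROHIBIDOS = {
        "'", "--", "*", "%", "=", "{", "}", "[", "]",
        "OR", "LIKE", "SELECT", "DELETE", "INSERT", "UPDATE"
    };

    /**
     * Regular expressions masked by {@link #limpiarSQLInjection}, applied in this order to an
     * upper-cased copy of the input. Each later pattern sees the masks left by the earlier
     * ones, so the {@code <SCRIPT>} / {@code </SCRIPT>} entries can never match once
     * {@code <} and {@code >} have been masked; they are kept for parity with the search
     * variant. NOTE(review): the {@code //*} entries are regexes and match the keyword
     * followed by one or more {@code /} characters; if a {@code /*} comment opener was
     * intended they would need to be {@code OR/\\*} etc. - left as the author wrote them.
     */
    private static final java.util.regex.Pattern[] PATRONES_LIMPIAR = compilar(
        "'", "--", "%",
        "OR ", "LIKE ", "SELECT ", "DELETE ", "INSERT ", "UPDATE ", "DROP ", "ALTER ",
        "OR//*", "SELECT//*", "DELETE//*", "INSERT//*", "UPDATE//*", "DROP//*", "ALTER//*",
        "<", ">", "<SCRIPT>", "</SCRIPT>", "STYLE");

    /**
     * Literal (non-regex) replacements applied in order by {@link #limpiarSQLInjectionBusqueda}.
     * Every {@code ~} run is deleted at the end; the placeholders are kept rather than
     * replaced by {@code ""} so that removing one token cannot splice a new one together
     * (e.g. {@code SEL--ECT}). The single quote becomes a {@code %} LIKE wildcard and stays.
     */
    private static final String[][] REEMPLAZOS_BUSQUEDA = {
        {"--", "~~"},
        {"'", "%"},
        {" OR ", "~~"},
        {" AND ", "~~"},
        {"LIKE", "~~~~"},
        {"SELECT", "~~~~~~"},
        {"DELETE", "~~~~~~"},
        {"INSERT", "~~~~~~"},
        {"UPDATE", "~~~~~~"},
        {"DROP", "~~~~"},
        {"ALTER", "~~~~~"},
        {"<", "~"},
        {">", "~"},
        {"<SCRIPT>", "~~~~~~~~"},
        {"</SCRIPT>", "~~~~~~~~~"},
        {"STYLE", "~~~~~"}
    };

    /** Compiles the given regexes once so the per-call work is matching only. */
    private static java.util.regex.Pattern[] compilar(String... regexes) {
        java.util.regex.Pattern[] patrones = new java.util.regex.Pattern[regexes.length];
        for (int i = 0; i < regexes.length; i++) {
            patrones[i] = java.util.regex.Pattern.compile(regexes[i]);
        }
        return patrones;
    }

    /**
     * Rejects a value outright when it contains any token of {@link #TOKENS_PROHIBIDOS}.
     *
     * @param cad value to check; {@code null} and {@code ""} are returned unchanged
     * @return {@code cad} itself when no token is found, otherwise {@value #CADENA_RECHAZADA}
     */
    public static String ignoraSQLInjection(String cad) {
        if (cad == null || cad.isEmpty()) {
            return cad;
        }
        for (String token : TOKENS_PROHIBIDOS) {
            if (cad.contains(token)) {
                return CADENA_RECHAZADA;
            }
        }
        return cad;
    }

    /**
     * Removes every character covered by a match of {@link #PATRONES_LIMPIAR}, matching on an
     * upper-cased copy but returning the remaining characters with their original case.
     *
     * <p>Any {@code ~} already present in the input is removed as well (it is the marker).
     *
     * @param cad value to clean; {@code null} and {@code ""} are returned unchanged
     * @return {@code cad} with the matched spans deleted, case of the rest preserved
     */
    public static String limpiarSQLInjection(String cad) {
        if (cad == null || cad.isEmpty()) {
            return cad;
        }
        // Upper-case char by char so the copy has exactly one char per input char.
        // String.toUpperCase() can change the length (e.g. "ß" -> "SS") and depends on the
        // default locale; either would misalign the mask with the original and could index
        // past the end of the output buffer.
        char[] mayusculas = new char[cad.length()];
        for (int i = 0; i < mayusculas.length; i++) {
            mayusculas[i] = Character.toUpperCase(cad.charAt(i));
        }
        for (java.util.regex.Pattern patron : PATRONES_LIMPIAR) {
            enmascarar(mayusculas, patron);
        }
        // Copy the original (case preserved), skipping every masked position.
        StringBuilder salida = new StringBuilder(cad.length());
        for (int i = 0; i < mayusculas.length; i++) {
            if (mayusculas[i] != MARCA) {
                salida.append(cad.charAt(i));
            }
        }
        return salida.toString();
    }

    /**
     * Overwrites every match of {@code patron} in {@code mayusculas} with {@link #MARCA}.
     * Matching runs on a snapshot, i.e. the same left-to-right non-overlapping scan that
     * {@code String.replaceAll} performs; the fill is exactly the match length, so the array
     * never changes size and stays aligned with the input.
     */
    private static void enmascarar(char[] mayusculas, java.util.regex.Pattern patron) {
        java.util.regex.Matcher m = patron.matcher(new String(mayusculas));
        while (m.find()) {
            java.util.Arrays.fill(mayusculas, m.start(), m.end(), MARCA);
        }
    }

    /**
     * Variant for search terms: the result is returned <em>upper-cased</em>, the tokens of
     * {@link #REEMPLAZOS_BUSQUEDA} are deleted and a single quote is turned into the
     * {@code %} LIKE wildcard.
     *
     * @param cad search term; {@code null} is returned as {@code null}
     * @return the upper-cased term with the listed tokens removed
     */
    public static String limpiarSQLInjectionBusqueda(String cad) {
        if (cad == null) {
            return null;
        }
        // Locale.ROOT: the token matching below relies on ASCII upper-casing ("i" -> "I"),
        // which the default locale does not guarantee.
        String cadena = cad.toUpperCase(java.util.Locale.ROOT);
        if (cadena.isEmpty()) {
            return cadena;
        }
        for (String[] reemplazo : REEMPLAZOS_BUSQUEDA) {
            // Literal replace: none of the tokens contain regex metacharacters.
            cadena = cadena.replace(reemplazo[0], reemplazo[1]);
        }
        return cadena.replace(String.valueOf(MARCA), "");
    }
}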
